User permissions configuring
ADCM role model is designed for configuring user permissions via policies. As a result of a policy being applied the user has access only to the actions and ADCM objects that are included in that policy.
The ADCM offers a few ready-made user roles (sets of rules). You also can create your own roles in order to get the most suitable roles for your tasks.
You can find a few user permissions configuring examples below.
Configuring cluster administrator permissions
Let there exist two ADCM clusters named ADH and ADH Prod. Let there also exist an ADCM user named user, who is not an administrator of any cluster. Create the policy that allows the user to obtain cluster administrator permissions for the ADH cluster.
Enter the policy name (user ADH), select the Cluster Administrator role, and the user user.
Select the ADH cluster.
Apply the policy via clicking Add. The process may take a few minutes.
After the policy is applied, the user is able to see only the ADH cluster at the Clusters tab. The user also has the cluster administrator permissions for the ADH cluster.
Let there exist an ADCM user named another_user, who is not an administrator of any cluster. Make him the ADH Prod cluster administrator via the actions similar to the actions above. After the policy is applied, the another_user is able to see only the ADH Prod cluster at the Clusters. The _another`user` also has the cluster administrator permissions for the ADH Prod cluster.
The ADCM administrator is able to view all clusters in the system.
Configuring service administrator permissions
Let there exist an ADCM cluster named ADH Prod that has the HDFS service among its services. Let there also exist an ADCM user named user, who is not an administrator of any service. Create the policy that allows the user to obtain service administrator permissions for the HDFS service in the ADH Prod cluster.
Enter the policy name (user ADH Prod HDFS), select the Service Administrator role, and the user user.
Select the HDFS service in the ADH Prod cluster.
Apply the policy via clicking Add. The process may take a few minutes.
After the policy is applied, the user is able to see only the HDFS service at the Services tab of the ADH Prod cluster. The user also has the service administrator permissions for the HDFS service.
The ADCM administrator is able to view all services of the ADH Prod cluster.
Configuring read-only permissions
The ADCM User role allows the user to view ADCM objects along with their configurations and components, yet doesn’t allow the user to make any edits. This mode is, in fact, a read-only mode. The ADCM User role is available when creating policies likewise in the same way as above.